CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1128 matches found

RedHat Linux•added 2024/04/23 5:18 p.m.•2 views

python-aiohttp: HTTP request smuggling via llhttp HTTP request parser

A flaw was found in aio-libs aiohttp, where it is vulnerable to HTTP request smuggling, caused by a flaw in the aiohttp.web.Application. By sending a specially crafted HTTPS request, an attacker can poison the web cache, bypass web application firewall protection, and conduct Cross-site scripting...

7.5CVSS7AI score0.06131EPSS

Exploits1References5

RedHat Linux•added 2024/04/23 5:18 p.m.•0 views

aiohttp: follow_symlinks directory traversal vulnerability

A flaw was found in aiohttp. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow symbolic links outside the static root directory. When...

7.5CVSS7.1AI score0.93664EPSS

Exploits15References5

RedHat Linux•added 2024/04/23 5:18 p.m.•0 views

aiohttp: HTTP request modification

A flaw was found in the python-aiohttp package. This issue could allow a remote attacker to modify an existing HTTP request or create a new request that could have minor confidentiality or integrity impacts...

7.2CVSS7.2AI score0.00457EPSS

Exploits1References5

RedHat Linux•added 2024/04/23 5:18 p.m.•0 views

python-aiohttp: numerous issues in HTTP parser with header parsing

An HTTP request smuggling vulnerability was found in aiohttp. Numerous issues with HTTP parsing can allow an attacker to smuggle HTTP requests...

7.5CVSS7.1AI score0.00239EPSS

Exploits1References5

Redos•added 2024/04/23 12:0 a.m.•35 views

ROS-20240423-07

The aiohttp HTTP client vulnerability is related to an incorrect restriction of the path name to a directory with restricted access. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information The aiohttp HTTP client vulnerability...

7.5CVSS7AI score0.93664EPSS

Exploits16

Fedora•added 2024/04/20 1:3 a.m.•32 views

[SECURITY] Fedora 39 Update: python-aiohttp-3.9.3-3.fc39

Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...

6.5CVSS6.6AI score0.00529EPSS

Exploits0

Fedora•added 2024/04/19 9:44 p.m.•30 views

[SECURITY] Fedora 40 Update: python-aiohttp-3.9.3-3.fc40

Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...

6.5CVSS6.6AI score0.00529EPSS

Exploits0

F5 Networks•added 2024/04/19 8:36 p.m.•78 views

K000139353: aiohttp vulnerability CVE-2024-23334

Security Advisory Description aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to...

7.5CVSS6.4AI score0.93664EPSS

Exploits15

Veracode•added 2024/04/19 5:25 a.m.•26 views

Cross Site Scripting(XSS)

aiohttp is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to the web.static..., showindex=True function, allowing an attacker with the ability to upload arbitrary filenames to the static file directory to perform Cross Site Scripting due to improper filename santization. Uses wh...

6.1CVSS6.3AI score0.00749EPSS

Exploits0References8Affected Software1

SUSE CVE•added 2024/04/19 2:18 a.m.•1 views

SUSE CVE-2024-27306

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server e.g. nginx for serving static files. Users following th...

6.1CVSS8.2AI score0.00749EPSS

Exploits0References5

RedhatCVE•added 2024/04/18 8:58 p.m.•46 views

CVE-2024-27306

A flaw was found in aiohttp, an asynchronous HTTP client/server framework for asyncio and Python. When using "web.static..., showindex=True", the resulting index pages do not escape file names. If users can upload files with arbitrary filenames to the static directory, the server is vulnerable to...

6.1CVSS6AI score0.00749EPSS

Exploits0References3

NVD•added 2024/04/18 3:15 p.m.•22 views

CVE-2024-27306

6.1CVSS5.8AI score0.00749EPSS

Exploits0References7

OSV•added 2024/04/18 3:15 p.m.•3 views

AZL-43372 CVE-2024-27306 affecting package python-aiohttp 3.6.2-3

6.1CVSS6.7AI score0.00749EPSS

Exploits0References1

OSV•added 2024/04/18 3:15 p.m.•1 views

AZL-43357 CVE-2024-27306 affecting package python-aiohttp 3.6.2-3

6.1CVSS6.7AI score0.00749EPSS

Exploits0References1

OSV•added 2024/04/18 3:15 p.m.•2 views

DEBIAN-CVE-2024-27306

6.1CVSS6.8AI score0.00749EPSS

Exploits0References1

UbuntuCve•added 2024/04/18 3:15 p.m.•33 views

CVE-2024-27306

6.1CVSS6.8AI score0.00749EPSS

Exploits0References6

OSV•added 2024/04/18 3:15 p.m.•0 views

UBUNTU-CVE-2024-27306

6.1CVSS6.8AI score0.00749EPSS

Exploits0References7

Debian CVE•added 2024/04/18 2:23 p.m.•22 views

CVE-2024-27306

6.1CVSS6.2AI score0.00749EPSS

Exploits0

Cvelist•added 2024/04/18 2:23 p.m.•26 views

CVE-2024-27306 aiohttp vulnerable to XSS on index pages for static file handling

6.1CVSS6.1AI score0.00749EPSS

Exploits0References6

CVE•added 2024/04/18 2:23 p.m.•363 views

CVE-2024-27306

CVE-2024-27306 : An XSS vulnerability exists in aiohttp’s index pages for static file handling. Root cause: improper validation of input on index/static file pages. The issue is fixed in aiohttp 3.9.4. Public advisories recommend upgrading to the patched version; for those unable to upgrade, a wo...

6.1CVSS5.5AI score0.00749EPSS

Exploits0References7Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by